US10440028B1ActiveUtilityA1

Distributed authorization of identities in a dynamic connected environment

90
Assignee: CYBERARK SOFTWARE LTDPriority: Mar 19, 2018Filed: Jan 16, 2019Granted: Oct 8, 2019
Est. expiryMar 19, 2038(~11.7 yrs left)· nominal 20-yr term from priority
H04L 63/0876H04L 63/0861H04L 63/102G06F 21/40H04L 63/205H04L 2209/88H04L 9/3239H04L 9/0637H04L 67/10H04L 63/08H04L 2209/805H04L 9/50
90
PatentIndex Score
13
Cited by
13
References
20
Claims

Abstract

Techniques include receiving, at a sensor, a request for authentication of an identity; determining, based on a distributed ledger, a dynamic credibility score for the identity; determining whether the dynamic credibility score for the identity can be validated by consensus by at least a subset of distributed verification services, based on whether the dynamic credibility score for the identity is within a range of variance from one or more credibility scores for the identity determined by the subset of the plurality of distributed verification services; and determining, based on whether the dynamic credibility score for the identity can be validated by consensus, whether to authorize the identity to perform the action in the blockchain network.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to dynamically authorize an action made by an identity in a dynamically connected networked environment, the operations comprising:
 receiving, at a first sensor associated with a first verification service, from among a plurality of distributed verification services in a distributed network, a request for authorization of the action made by the identity, wherein the request includes no authentication information associated with the identity and the request is associated with a request to perform the action in the distributed network; 
 determining, based on a distributed ledger belonging to the distributed network, and maintained by a verification service and shared by the plurality of distributed verification services, a dynamic credibility score for the identity, the dynamic credibility score for the identity being based in part on a level of trust of the first sensor; 
 wherein the distributed ledger is developed based on receiving information associated with a plurality of different types of credibility-building actions taken by a user associated with the identity at a plurality of sensors associated with the plurality of distributed verification services, each of the plurality of sensors being configured with permissions data; 
 determining whether the dynamic credibility score for the identity can be validated by consensus by at least a subset of two or more of the plurality of distributed verification services, based on whether the dynamic credibility score for the identity is within a range of variance from one or more credibility scores for the identity determined by the subset of the plurality of distributed verification services; and 
 determining, based on whether the dynamic credibility score for the identity can be validated by consensus, whether to authorize the identity to perform the action in the distributed network, wherein at least one of the credibility score determination or the validation determination is made according to a level of trust associated with the first sensor. 
 
     
     
       2. The non-transitory computer readable medium of  claim 1 , wherein the request includes no authentication credentials associated with the identity. 
     
     
       3. The non-transitory computer readable medium of  claim 1 , wherein each of the plurality of distributed verification services is associated with one or more of the plurality of sensors. 
     
     
       4. The non-transitory computer readable medium of  claim 3 , wherein each of the plurality of sensors is assigned a weight, wherein the weight determines an amount that one or more of the plurality of distributed verification services brings to the consensus. 
     
     
       5. The non-transitory computer readable medium of  claim 1 , wherein the level of trust is based, at least in part, on the requested action. 
     
     
       6. The non-transitory computer readable medium of  claim 1 , wherein the level of trust is based, at least in part, on an access-restricted resource associated with the verification service. 
     
     
       7. The non-transitory computer readable medium of  claim 1 , wherein the first sensor comprises at least one of: a biometric sensor or an RFID transceiver. 
     
     
       8. The non-transitory computer readable medium of  claim 1 , wherein the request for authorization is made by the identity. 
     
     
       9. The non-transitory computer readable medium of  claim 1 , wherein the first verification service is verified to the distributed network that includes the plurality of distributed verification services. 
     
     
       10. The non-transitory computer readable medium of  claim 1 , wherein authorizing the identity to perform the action in the distributed network comprises allowing the identity to access an access-restricted resource. 
     
     
       11. A computer-implemented method for dynamically authorizing an action made by an identity in a dynamically connected networked environment, the method comprising:
 receiving, at a first sensor associated with a first verification service, from among a plurality of distributed verification services in a distributed network, a request for authorization of the action made by the identity, wherein the request includes no authentication information associated with the identity and the request is associated with a request to perform the action in the network; 
 determining, based on a distributed ledger belonging to the distributed network, and maintained by the first verification service and shared by the plurality of distributed verification services, a dynamic credibility score for the identity being based in part on a level of trust of the first sensor; 
 wherein the distributed ledger is developed based on receiving information associated with a plurality of different types of credibility-building actions taken by a user associated with the identity at a plurality of sensors associated with the plurality of distributed verification services, each of the plurality of sensors being configured with permissions data; 
 determining whether the dynamic credibility score for the identity can be validated by consensus by at least a subset of two or more of the plurality of distributed verification services, based on whether the dynamic credibility score for the identity is within a range of variance from one or more credibility scores for the identity determined by the subset of the plurality of distributed verification services; and 
 determining, based on whether the dynamic credibility score for the identity can be validated by consensus, whether to authorize the identity to perform the action in the distributed network, wherein at least one of the credibility score determination or the validation determination is made according to a level of trust associated with the first sensor. 
 
     
     
       12. The computer-implemented method of  claim 11 , wherein determining the dynamic credibility score for the identity includes dynamically calculating the dynamic credibility score based on the level of trust associated with the first sensor. 
     
     
       13. The computer-implemented method of  claim 12 , wherein determining whether the dynamic credibility score for the identity can be validated by consensus is based on the level of trust associated with the first sensor. 
     
     
       14. The computer-implemented method of  claim 11 , wherein the first verification service is verified to the distributed network that includes the plurality of distributed verification services. 
     
     
       15. The computer-implemented method of  claim 14 , wherein the identity has a contract with the distributed network that includes the dynamic credibility score for the identity. 
     
     
       16. The computer-implemented method of  claim 11 , wherein the first sensor comprises an RFID transceiver at a physical access point to a building. 
     
     
       17. The computer-implemented method of  claim 11 , wherein the first sensor comprises a biometric sensor of a computing device. 
     
     
       18. The computer-implemented method of  claim 11 , wherein the first sensor comprises an input interface of an IoT device. 
     
     
       19. The computer-implemented method of  claim 11 , wherein the credibility-building actions are received by a plurality of sensors, each credibility-building action being assigned a weight based on the level of trust associated with each of the plurality of sensors. 
     
     
       20. The computer-implemented method of  claim 19 , wherein authorizing the identity to perform the action in the distributed network comprises allowing the identity to access an access-restricted resource.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.